<?php
/**
 *	FILENAME: 		/server_app/authenticate_pin.php
 *	DESCRIPTION:	This script validates an existing user's pin.
 *	AUTHOR:			Taylor Clifton 
 *	VERSION:		1.1.0
 *	LAST MODIFIED:	12/03/10
 **/

require_once($_SERVER['DOCUMENT_ROOT'] . "/config/environment.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/libraries/functions.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/libraries/logging.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/libraries/users.php");

enforceSSL();
setRequestParameters();

$uid = $_PARAMETERS["uid"];
$pin = $_PARAMETERS["pin"];

if (strlen($uid) == 0 || strlen($pin) == 0) {
    $response["response_type"] = "error";
    $response["error_desc"] = "UID or PIN not provided.";
    logWarning("No user data supplied during authentication");
    echo(json_encode($response));
} else {
    $encryptedPin = encryptPin($pin);
    if (authenticatePIN($uid, $encryptedPin)) {
        $response["response_type"] = "success";
        logAction("User Authenticated");        
        echo(json_encode($response));
    } else {
        $response["response_type"] = "error";
        $response["error_desc"] = "Invalid PIN.";        
        logWarning("User Failed Authentication");
        echo(json_encode($response));
    }
}
?>
